Fischer, Johannes wrote:
Hi @all,
I've tried to implement an olcAccess via regex for multiple directory entries.
The goal was to group different users in two standard groups. Each group
has other access rules. I didn't want to do such a thing for every entry, so
I thought that I'd be able to do that with regexes.
But my olcAccess rules don't work.
I've already posted the question to stackoverflow, but no answers till now.
Here is the link:
http://stackoverflow.com/questions/31693040/ldap-olcaccess-regex-are-not-working-as-expected
There are no OpenLDAP experts on stackoverflow.
And here is the rule for a regex access:
olcAccess: {1}to dn.regex="^o(.+),dc=organizations,dc=example,dc=ldap$"
attrs=children
by group.exact="cn=ADMINS,o=[$1],dc=organizations,dc=example,dc=ldap$" write
by group.exact="cn=USER,o=[$1],dc=organizations,dc=example,dc=ldap$" read
by * none
Can somebody help me? Or is such a thing not possible to do?
Your rule uses group.exact, which means it is NOT doing regex evaluation. Read
the slapd.access(5) manpage again.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
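
Added example, not part of the original thread and not written by either poster: slapd.access(5) describes an "expand" style for the group clause, which substitutes submatches from a dn.regex target into the group DN, whereas "exact" uses the string as written. The rewrite below applies that to the posted rule; the tightened capture o=([^,]+) and the removal of the brackets and trailing "$" from the group DNs are this example's own changes, and it assumes the groups are groupOfNames entries with member attributes (the defaults for the group clause).

```ldif
# Posted rule, for comparison: with group.exact the value is taken as the
# group DN exactly as written, so "[$1]" and the trailing "$" are never
# replaced and no real group entry is ever matched.
#
# Rewritten rule (added example): group.expand replaces $1 with the first
# submatch of the dn.regex target before the group lookup.
#  - "^o=([^,]+)," captures only the organization name, not "=name".
#  - The group values are DNs, not patterns, so they carry no "$" anchor.
#  - Continuation lines start with two spaces: LDIF folding consumes the
#    first one and the second remains as the separator between clauses.
olcAccess: {1}to dn.regex="^o=([^,]+),dc=organizations,dc=example,dc=ldap$"
  attrs=children
  by group.expand="cn=ADMINS,o=$1,dc=organizations,dc=example,dc=ldap" write
  by group.expand="cn=USER,o=$1,dc=organizations,dc=example,dc=ldap" read
  by * none
```

As in the posted rule, the target matches only the o=... entry itself and its "children" pseudo-attribute; entries below it need their own rule.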